security

package

v0.0.0-...-3f851fe Latest Latest Go to latest Published: Jul 22, 2019 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chrislusf/weed-fs

Documentation ¶

Index ¶

Variables
func DecodeJwt(signingKey SigningKey, tokenString EncodedJwt) (token *jwt.Token, err error)
func GetActualRemoteHost(r *http.Request) (host string, err error)
func LoadClientTLS(config *viper.Viper, component string) grpc.DialOption
func LoadServerTLS(config *viper.Viper, component string) grpc.ServerOption
type EncodedJwt
- func GenJwt(signingKey SigningKey, expiresAfterSec int, fileId string) EncodedJwt
- func GetJwt(r *http.Request) EncodedJwt
type Guard
- func NewGuard(whiteList []string, signingKey string, expiresAfterSec int, ...) *Guard
- func (g *Guard) WhiteList(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request)
type SeaweedFileIdClaims
type SigningKey

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrUnauthorized = errors.New("unauthorized token")
)

Functions ¶

func DecodeJwt ¶

func DecodeJwt(signingKey SigningKey, tokenString EncodedJwt) (token *jwt.Token, err error)

func GetActualRemoteHost ¶

func GetActualRemoteHost(r *http.Request) (host string, err error)

func LoadClientTLS ¶

func LoadClientTLS(config *viper.Viper, component string) grpc.DialOption

func LoadServerTLS ¶

func LoadServerTLS(config *viper.Viper, component string) grpc.ServerOption

Types ¶

type EncodedJwt ¶

type EncodedJwt string

func GenJwt ¶

func GenJwt(signingKey SigningKey, expiresAfterSec int, fileId string) EncodedJwt

func GetJwt ¶

func GetJwt(r *http.Request) EncodedJwt

type Guard ¶

type Guard struct {
	SigningKey          SigningKey
	ExpiresAfterSec     int
	ReadSigningKey      SigningKey
	ReadExpiresAfterSec int
	// contains filtered or unexported fields
}

Guard is to ensure data access security. There are 2 ways to check access:

white list. It's checking request ip address.
JSON Web Token(JWT) generated from secretKey. The jwt can come from:
url parameter jwt=...
request header "Authorization"
cookie with the name "jwt"

The white list is checked first because it is easy. Then the JWT is checked.

The Guard will also check these claims if provided: 1. "exp" Expiration Time 2. "nbf" Not Before

Generating JWT:

use HS256 to sign
optionally set "exp", "nbf" fields, in Unix time, the number of seconds elapsed since January 1, 1970 UTC.

Referenced: https://github.com/pkieltyka/jwtauth/blob/master/jwtauth.go

func NewGuard ¶

func NewGuard(whiteList []string, signingKey string, expiresAfterSec int, readSigningKey string, readExpiresAfterSec int) *Guard

func (*Guard) WhiteList ¶

func (g *Guard) WhiteList(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request)

type SeaweedFileIdClaims ¶

type SeaweedFileIdClaims struct {
	Fid string `json:"fid"`
	jwt.StandardClaims
}

type SigningKey ¶

type SigningKey []byte

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL